Question

I formerly asked the question "Anyone experience in Windows 2007 where certain websites will not open?" I received replies but nothing resolved the issue that our agency's webpage will not open in the four new Windows 2007 computers our agency recently purchased. It can be opened on any of the agency's windows XP computers. I can open the website on a Window 07 laptop on my home network but once I bring the laptop to work and connect to the local network it cannot open the webiste. I've connected a windows 07 computer directly to the gateway by passing the firewall and switches and it can open the website.

I have boiled it down to possibly the issue originating from the configuration of our CISCO Pix 506e firewall. It has been in service for over ten years with very little or no updates. I have no experience with this hardware. It seems you need a CISCO service contract to be able to download utilites or firmware for hardware you own. Our agency does not have a current contract.

Is there a configuration or setting that could cause our agency's website from opening in a window 2007 PC?

Clarifications

I didn't see your previous question, but are you (behind the PIX) able to open any websites or most but not your companies? What error is the browser throwing up when you try to access your agency's website?

All Answers

Lots more information needed...

That is correct on the Cisco hardware requiring a contract to download the new IOS. And, something that old is getting close to EOL (end of life)-- http://www.cisco .com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/ps4336/prod_eol_notice0900aecd80731dfa.html

But, how are we to help unless we can see the configuration of the PIX?? Strip out all static IP's on the net, username/passwords, sensitive or identifying information. etc.

Just a thought, but is DNS working OK on the internal network? XP may be using WINS or NetBIOS to resolve names... Can you ping the address on the Win7 Machine from the internal network?

port blocking

Out of curiosity, does the link that will not open have a port at the end?Like http://www.the-web-site.com:8080/the-page.htmIf so, you will need to open that port outbound. Post your config like cmiller says and check the link for a port and let us know.

Reponse To Answer

There is no port on the end of the link. I will need to research how to copy the config and will post. Will not be back at work until Monday evening. Going in late so I can remove CISCO Pix from the network and see if the Window 07 box can then open the webiste.

I doubt it's the PIX unless the web site is external.

The PIX firewall filters traffic going into and out of the PIX. That's basically all it does. So if the web site is hosted inside of the PIX, it's not the PIX. If the web site is hosted outside of the PIX, then I would say yes, it's the PIX.

side note: "updates" to Cisco's IOS would not be the issue. The issue would be ACLs, extended ACLs, which are Cisco's IOS method of filtering traffic. Cisco ACLs have an implicit deny at the end of it and is not viewable in the ACL configuration. That implicit deny means that if an ACL is used, traffic that is not specifically allowed, is denied. ACLs can be configured to filter traffic in a multitude of ways from ip address to a range of addresses to specific content type, to MAC addresses, and can be implimented on either the internal interface, or external interface. If you know nothing about Cisco or very little, hire a consultant or hire Cisco to fix it.

Reponse To Answer

Yes Cisco support is hardware specific. Your PIX firewall is a discontinued item. The ASA series is Cisco's new firewall. But that should not mean Cisco won't help, or that you could not find a Cisco partner that could help.

more ideas

I reread your post. I'll throw a few more questions to you. So inside from xp is good, inside from win07 no good. Depending on how your network is configured, (i.e. your pix is between the 07 device and the site, or something else is in the mix), you can troubleshoot from there. That layout is important, and the config will help rule the pix in or out. You mentioned bypassing pix and switches, so there is some gray area in there as to where the issue lies. If your server lies in a dmz somewhere behind the pix or another device, you can dig there. Is the server internal, or external? I'd be curious to know if your xp and 07 pc's are in the same network, and if they are resolving an internal or external address (if you ping the server by name, what address do you get). cmiller mentioned netbios and wins which makes sense, but we do need a little more to go on. Sometimes, the dialog will help find the answer or places to look, which is even better than someone pointing it out. So, a couple more questions to help sort this out.server inside or outside, or dmzif inside in dmz, where is that compared to pix?07 and xp on same network and ip range?dns working internally?Have the xp machines been rebooted recently?Name, ip or network change recently on server?A ping from xp and 07 to name of server yields what address (inside or outside) even if this fails, this is good information to have. If you get an inside address on the xp and outside address on the 07, that is a clue.Lastly, when you say from home it works, is that over a vpn or directly over the internet?

Create a new discussion

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Post type

Subject title

Topic Tags

Select up to 3 tags (1 tag required)

Cloud

Piracy

Security

Apple

Microsoft

IT Employment

Google

Open Source

Mobility

Social Enterprise

Community

Smartphones

Operating Systems

Windows

Mac

Malware

Tablets

Networking

Browser

Hardware

Software

Web Developerment

Linux

Off Topic

Message Body

Track this discussion and email me when there are updates

Please note: Do not post advertisements, offensive material, profanity, or personal attacks. Please remember to be considerate of other members. If you're new to the TechRepublic Forums, please read our TechRepublic Forums FAQ. All submitted content is subject to our Terms Of Use.